Skip to content
Branch: master
Commits on Oct 22, 2019
  1. remove references

    boutell committed Oct 22, 2019
Commits on Sep 18, 2016
  1. Merge pull request #5 from johanvdw/externc

    boutell committed Sep 18, 2016
    Ensure proper linkage to C++ programs
Commits on Feb 28, 2016
  1. Version 2.07 implements supports for keys with no = sign, which are a…

    boutell committed Feb 28, 2016
    …ssigned an empty string as a value. Thanks to Geoff Mulligan for the suggestion. Also added some simple unit tests to cover this change and its possible side effects on other things.
Commits on Jun 16, 2015
  1. Merge pull request #4 from shantanugadgil/patch-1

    boutell committed Jun 16, 2015
    verify variable to be non-null (scan-build warning)
Commits on May 20, 2015
  1. Merge pull request #3 from PiotrekGitHub/alpha

    boutell committed May 20, 2015
    Changing the type of a local variable
Commits on Apr 23, 2015
  1. Merge pull request #2 from CatKang/master

    boutell committed Apr 23, 2015
    Change parameter of escape functions from char* to const char*
Commits on Jan 23, 2014
  1. Accepted patches from Jeffrey Hutzelman:

    boutell committed Jan 23, 2014
    I've attached a patch that fixes several problems we found in CGIC 2.05.
    I can split these up into multiple patches, if that's helpful, but as
    it is each fix is fairly self-contained.
    * In main(), when parsing form input fails, the CGI script exits without
      producing any output whatsoever.  Wouldn't it be better to actually
      emit an error status, instead of expecting the server to do something
      sane with a script that produces no output?
    * In mpRead(), a check is done to insure the requested length is not
      greater than the amount of data still available, and to adjust it
      if necessary.  However, this check is currently done _after_ reading
      data from the putback buffer, in which process len is decremented by
      the amount of putback data read, but mpp->offset is not correspondingly
      incremented (this happens later).  As a result, the check uses too
      small a value for len, and so fails to stop reading soon enough if
      the requested length is greater than what is available _and_ there
      was any data in the putback buffer.
      The fix is to move the check to the beginning of mpRead()
    * Further, if a read request is satisfied _entirely_ from the putback
      buffer, mpp->offset is not updated at all, resulting in a similar
      problem.  The solution is to update mpp->offset in the "else if (got)"
    * In cgiParsePostMultipartInput(), if the Content-Disposition of a part
      is not "form-data", afterNextBoundary() is not called before beginning
      to process the next part.  As a result, parsing of the next part headers
      begins with the body of the unwanted part.  It is necessary in this case
      to call afterNextBoundary() before continuing with the next cycle.
    * In handling out-of-memory conditions in afterNextBoundary(), *outP is
      set to '\0'.  While this is technically legal ('\0' is "an integral
      constant expression with the value 0"), it looks funny.
    * In cgiCookieString(), a change was introduced in v2.02 which purports
      to prevent an overrun in cases where cgiCookie is exactly equal to
      the requested cookie name.  In fact, the problem can also occur if
      the requested name occurs with no values at the end of cgiCookie.
      Further, the change from v2.02 does not fix the problem, because it
      compares the _pointers_ p and n to NULL, which they will never equal,
      rather than comparing the pointers they point at to NUL.
    * Also in cgiCookieString(), there is a comment suggesting that the main
      loop never terminates except with a return.  This is not the case.
      For example, it will terminate if the requested cookie is not found
      and the cgiCookie string ends in a semicolon.
    * Why did days[] (formerly daysOfWeek[]) and months[] become non-static?
      This pollutes the namespace of programs using CGIC.
    * In cgiReadEnvironment(), when reading in the contents of an uploaded
      file, it is possible that a temporary file is successfully created
      but then cannot be opened.  In this case, no attempt is made to remove
      the tempoary file.
    * Further, when a form entry does _not_ include an uploaded file,
      e->tfileName is set to malloc'd but uninitialized memory.  It should
      be set to an empty string, by setting e->tfileName[0] to zero after
      the 1-byte buffer is allocated.
  2. copyright dates

    boutell committed Jan 23, 2014
  3. typo

    boutell committed Jan 23, 2014
  4. first commit

    boutell committed Jan 23, 2014
You can’t perform that action at this time.